ddaa

@0xddaa

I'm ddaa, aka 0xddaa.

Joined: September 2014

Tweets

  1. 24 Jan
  2. Retweeted
    10 Jan

    I'm releasing ghidra scripts that I made for pwn and reversing tasks, starting with this set of scripts to replace linux/libc magic numbers with readable names for aarch64, amd64/i386, arm/thumb, hppa, m68k, mips, ppc, ppc64, sh, sh4, sparc and sparc64.

  3. Retweeted
    9 Jan

    Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass

  4. Retweeted

    🎉 First security blogpost of 2020 🎉 Some people ask me, so here is how to start fuzzing APIs of JavaScript engines like Chrome/V8. In this blogpost, I'm using: ✅ Dharma/Domato ✅ Chrome/v8 ASan pre-built ✅ Honggfuzz ;)

  5. Retweeted
    7 Jan

    At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic! Here's P0's policy changes for 2020 (with our rationale for the changes):

  6. 1 Jan

    The ending of <非洲的動物上班族> actually got serious for once XD. What an endearing contrast.

  7. Retweeted
    1 Jan
  8. Retweeted
    29 Dec 2019

    Let's capture the fortune once again! Hope everyone enjoyed our hacker party. See you next year. Yo

  9. Retweeted
    22 Dec 2019

    This article is really very helpful for a software engineer's career.

  10. 22 Dec 2019

    The timeout makes exploits need to be more accurate. (I learned from Codeblue CTF. :p). LC↯BC may stay ahead until the game ends if they find another arbitrary leak vuln.

  11. 22 Dec 2019

    And the timeout of the program is 60 seconds. In other words, each round only has 5 chances to run the exploit, reduced to 2 chances after the scoreboard closed. In fact, LC↯BC only attacks 4 teams in each round in the last 3 hours.

  12. 22 Dec 2019

    However, LC↯BC didn't attack all of the teams in each round. I guess the reason is that leaking memory by calculating crc32 fails easily, but they must wait for the program to receive SIGALRM to trigger the ROP to be executed.

  13. 22 Dec 2019

    LC↯BC finds 2 vulns (at least): stack bof and another bof when calculating crc32. No other teams replay the exploit successfully because ASLR will cause the result of crc32 to change.

  14. 22 Dec 2019

    PPP finds 3 vulns: logic error, stack and heap bof, but they patch the binary with a small buffer size, which will cause the SLA to fail. :'(

  15. 22 Dec 2019

    About `hitcon ftp`: Six intended vulns, one of which is a logic error and allows teams to download arbitrary files (every team was aware after the pcap was released), two of which can control RIP (stack and heap bof), and the last three can leak memory addresses.

  16. Retweeted
    21 Dec 2019

    New writeup, one of my favorite bugs 🤠 - Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty Featuring...

  17. Retweeted
    21 Dec 2019

    Pwning VMWare, Part 1: RWCTF 2018 Station-Escape

  18. Retweeted
    17 Dec 2019
  19. Retweeted
    16 Dec 2019

    HITCON CTF Finals 2019: The Fortune. This is the final result of HITCON CTF. Congratulations to Tea Deliverers, LC↯BC, TokyoWesterns! And all the teams! You are amazing! What will we capture next year?

  20. Retweeted
    16 Dec 2019

    Here is part one. Pretty sure the attack surface described has many more bugs (not just the vmware tools installer.. I doubt this bug is exploitable in the first place, just wanted something to demo that is unpatched, easier for folks to learn!)
